mau
  • 🧩Account Abstraction
    • 📎Introduction ERC-4337
    • 🙍Key Roles and Their Interactions
      • 📄UserOperation Breakdown and Security Concerns
    • 🌉Interfaces
      • 1️⃣EntryPoint Interface
      • 2️⃣Account Interface
      • 3️⃣Aggregator
    • ⛓️Transaction Nonce
    • 🤝Using Signature Aggregators
    • 🚪Required entry point contract functionality
      • 🏦Paymaster extension
        • 🌉Paymaster Interfaces
    • 🤸Handling UserOperation
      • 🤖Simulation
      • 🔄Alternative Mempools
    • Bundling
      • Forbidden opcodes
    • Reputation
      • Unstaked
      • Specification
    • Storage associated with an address
    • 📚Extra References
  • 🔐Signature
    • 🔁Replay Attack
    • 🗝️Signature Malleability
  • 🧱Ethereum Blockchain
    • 📖Account State
    • 👩‍💻create2 OPCODE
  • 📑Ethereum Improvement Proposals
    • 📄EIP-191
      • 📄ECDSA
      • 📄ABI Encode and Keccak256
    • 📄EIP-712
    • 📄EIP-7212
      • 📄Abstract
      • 📄Motivation
      • 📄Elliptic Curve Signature Verification Steps
      • 📄Verification and Sepecification
      • 📄Rationale
    • 📄EIP-1271
    • 📄EIP-1167
  • ⚒️Foundry
  • 📚DeFi and the Future of Finance - Book
    • 🔧The Problems DeFi Solves
    • 1️⃣DeFi Basics
      • 🪙Equity, Liquidity and Governance Token
      • 🛃Custody
      • 🔄Supply Adjustment
      • 📈Bounding Curve
      • 💸Incentives
      • 🔁Swaps
      • 💰Collateralized/Uncollateralized Loans
    • 2️⃣Credit and Lending
  • ⛽Gas Griefing
    • 1️⃣Understanding Gas in Ethereum
    • 2️⃣Gas Allocation and Contract Interactions
    • 3️⃣Understanding Gas Limits: Exploring the 63/64 Rule
    • 4️⃣Understanding Gas Limits in Contract-to-Contract Calls
    • 5️⃣Gas Griefing Attack
    • 6️⃣Inner Call Out Of Gas Attack
    • 7️⃣Gas Griefing Contest Findings
      • ⛽Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds
      • ⛽Gas limit check is inaccurate, leading to an operator being able to fail a job intentionally
  • ✏️My Auditing Process
    • ❓How do I start ?
    • ⭕Bounded Context Technique
    • 🌳BTT
  • 🏃‍♀️Productivity
    • ✖️Best way to use Twitter Bookmarks
    • ⌛How to track focused working hours
    • 👩‍💻VS Code plugins to increase performance
    • 🏗️How to create your audit process methodology
    • 📕You should also have your Gitbook
    • 👮Best way to study for Secureum
  • 📙Secureum
    • 📄RACE 4
    • 📄RACE 5
  • 💻Mainnet Attacks
    • 🔁Reentrancy
      • 2022 Dec - Grim Finance
      • 2016 June - The DAO
  • ABI Encode
    • Basic Design
    • Function Selector
    • Elementary Types
    • Formal Specification of the Encoding
    • Examples
    • Events
    • Errors
    • Non-standard Packed Mode
    • References
  • Solidity
Powered by GitBook
On this page
  1. Ethereum Improvement Proposals
  2. EIP-7212

Motivation

“secp256r1” elliptic curve is a standardized curve by NIST which has the same calculations by different input parameters with “secp256k1” elliptic curve used by the “ecrecover” precompiled contract.

  1. NIST standardized curve: The National Institute of Standards and Technology (NIST) has standardized certain elliptic curves for cryptographic purposes. One such curve is "secp256r1".

  2. similar to “secp256k1”: This indicates that the proposed curve ("secp256r1") is similar in terms of mathematical operations to the curve Ethereum currently uses ("secp256k1"). However, they are different curves and are defined by different parameters.

The cost of combined attacks and the security conditions are almost the same for both curves.

  1. security equivalence: This statement argues that the security profile of both curves is roughly equivalent. This is important as any newly introduced cryptographic primitive must not decrease the security of the system.

Adding a precompiled contract which is similar to “ecrecover” can provide signature verifications using the “secp256r1” elliptic curve in the smart contracts and multi-faceted benefits can occur.

  1. Benefits of the new curve: The proposal suggests that there are numerous advantages to supporting the new curve in Ethereum.

One important factor is that this curve is widely used and supported in many modern devices such as Apple’s Secure Enclave, Webauthn, Android Keychain which proves the user adoption.

  1. widespread support: One of the primary motivations is that "secp256r1" is already implemented and used in many modern devices and standards. Thus, supporting it could improve Ethereum's interoperability with these devices and standards.

Additionally, the introduction of this precompile could enable valuable features in the account abstraction which allows more efficient and flexible management of accounts by transaction signs in mobile devices.

  1. Account abstraction: This is an advanced feature in Ethereum that aims to make the management of accounts more flexible. By supporting "secp256r1", the proposal suggests that account abstraction could be made more efficient, especially on mobile devices.

Most of the modern devices and applications rely on the “secp256r1” elliptic curve. The addition of this precompiled contract enables the verification of device native transaction signing mechanisms.

  1. Device-native signing: Many modern devices have built-in mechanisms for securely signing transactions. By supporting the "secp256r1" curve, Ethereum could tap into these device-native mechanisms.

For example: (Apple’s Secure Enclave, Webauthn, Android Keystore, Passkeys)

  1. Examples: The proposal lists several modern platforms and standards that use the "secp256r1" curve. This further emphasizes the potential benefits of integrating this curve into Ethereum.

Modern devices have these signing mechanisms that are designed to be more secure and they are able to sign transaction data, but none of the current wallets are utilizing these signing mechanisms. So, these secure signing methods can be enabled by the proposed precompiled contract to initiate the transactions natively from the devices and also, can be used for the key management.

  1. Usage in modern wallets: The proposal identifies a gap in current Ethereum wallets: they aren't leveraging the secure signing mechanisms of modern devices. By introducing this precompiled contract, Ethereum could enable these more secure signing mechanisms, leading to improved security and user experience.

This proposal aims to reach maximum security and convenience for the key management.

  1. Overall goal: The main objectives are improving security and making key management more convenient for users.

In summary, the motivation for this proposal is to enhance Ethereum's security and interoperability by adding support for a cryptographic curve that's already widely adopted in modern devices and standards. This could lead to better user experiences, more secure transaction signing, and increased utilization of device-native security features.

PreviousAbstractNextElliptic Curve Signature Verification Steps

Last updated 1 year ago

📑
📄
📄